Hi,
I did not check in depth myself, but from what I remember from
discussions that happened last week on #tor-dev, at least one issue
described in OpenSSL secadv_20120104 [0] is pretty much relevant
for Tails (a few cleartext bytes leaking).
Kurt Roeckx, maintainer of OpenSSL in Debian, was asked [1] to provide
fixed packages for Squeeze, and replied [2] he'll try to look at it
this weekend but generally lacks time.
I guess it could help if one of us volunteered to help, e.g.
look how/if the fixes were backported by other distros (none that
I know of, but I may have missed something), get in touch with Kurt,
try test packages in the context of Tor / Tails, etc.
[0]
http://openssl.org/news/secadv_20120104.txt
[1]
http://lists.alioth.debian.org/pipermail/pkg-openssl-devel/2012-January/003046.html
[2]
http://lists.alioth.debian.org/pipermail/pkg-openssl-devel/2012-January/003054.html
Cheers,
--
intrigeri
| GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc
| OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr.asc
| Did you exchange a walk on part in the war
| for a lead role in the cage?
